Toadkits include several tools to allow developers to obfuscate the Tcl source code embedded in a VFS. Toadkits take the approach of ONLY obfuscating individual files. The reasons are many, and should be obvious to anyone familiar with encryption.

Toadkits include odielb, which generates a random password and embeds it in C. That secret key is available in the build system as "password.txt" in the build directory. (You can also provide a manual password by replacing the contents of that file with your own chosen string.)

Also embedded in odielib is the following command: ::kit::crypt_eval. This command can directly execute a block of code that was obfuscated with the embedded key.

The kit also has a built in function to generate an obfuscated block of code: ::kit::encrypt. The default implementation uses a bare kit compiled without an attached VFS to act as a shell to run the scm-copy.tcl script distributed in the scripts folder.

Instead of copying the files into the VFS directory, the make system build an obfuscated version in the VFS, using this block of code: